Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d2/191451-1836-4bf8-ad1b-ba5ccc887047/1/wzD-Y1XRaC-02kl2ZMaS3E6fGFs.roa
File:                     wzD-Y1XRaC-02kl2ZMaS3E6fGFs.roa (raw, json)
Hash identifier:          J6QWqMXaVC1M4duQaZv5ICVDFegW9Ncnya/aGNgLbJc=
Subject key identifier:   C3:30:FE:63:55:D1:68:2F:B4:DA:49:76:64:C6:92:DC:4E:9F:18:5B
Certificate issuer:       /CN=25afaa1efb29ffa56e6f5d420622dff0697fa627
Certificate serial:       019E69199D8190AD9941F3E4383B413EC485
Authority key identifier: 25:AF:AA:1E:FB:29:FF:A5:6E:6F:5D:42:06:22:DF:F0:69:7F:A6:27
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ja-qHvsp_6Vub11CBiLf8Gl_pic.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d2/191451-1836-4bf8-ad1b-ba5ccc887047/1/wzD-Y1XRaC-02kl2ZMaS3E6fGFs.roa
Signing time:             Wed 27 May 2026 11:02:26 +0000
ROA not before:           Wed 27 May 2026 11:02:26 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     210378
IP address blocks:        160.63.240.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d2/191451-1836-4bf8-ad1b-ba5ccc887047/1/Ja-qHvsp_6Vub11CBiLf8Gl_pic.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d2/191451-1836-4bf8-ad1b-ba5ccc887047/1/Ja-qHvsp_6Vub11CBiLf8Gl_pic.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ja-qHvsp_6Vub11CBiLf8Gl_pic.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 13 Jun 2026 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:69:19:9d:81:90:ad:99:41:f3:e4:38:3b:41:3e:c4:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25afaa1efb29ffa56e6f5d420622dff0697fa627
        Validity
            Not Before: May 27 11:02:26 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=c330fe6355d1682fb4da497664c692dc4e9f185b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:b3:93:15:e4:6a:0f:50:94:75:cb:3f:cf:2f:
                    75:96:ac:5e:12:6e:3f:0d:6a:cf:c9:00:a3:b2:f0:
                    16:a6:61:0b:cd:a3:43:6e:e0:3d:c3:99:03:d4:67:
                    99:1d:16:fe:30:1c:3e:58:0f:5b:8d:b4:ac:65:46:
                    c9:7d:ce:95:fe:15:37:61:27:82:b1:5f:2f:52:23:
                    f3:5a:4a:8f:24:38:d6:6e:da:28:25:b1:30:50:19:
                    c6:43:6d:93:b7:40:61:2e:33:8d:71:cc:f9:00:8a:
                    d9:b9:ab:46:28:5a:05:42:7c:fb:cd:8b:5f:b5:f6:
                    8c:f2:0f:79:ff:4b:f7:ff:1d:51:b4:ef:85:29:38:
                    58:38:6b:1d:32:25:b4:cb:78:d8:16:bc:1b:2c:aa:
                    3f:65:58:58:6d:17:0b:85:c4:21:de:7e:60:90:d5:
                    62:32:06:8c:9b:3f:02:ad:be:8f:86:39:b8:31:92:
                    fd:49:69:51:d8:77:8a:9d:fa:b5:e0:c1:0f:30:51:
                    07:d0:fe:d2:a1:47:cb:a9:33:a0:b7:46:ce:4a:f6:
                    40:b4:c0:6c:70:2b:00:38:c5:f0:5e:5a:db:b6:26:
                    d8:40:6c:0e:21:26:f7:f3:50:93:40:6a:73:3d:de:
                    af:ba:c4:01:f5:e6:81:43:ca:32:0a:73:32:af:3e:
                    6f:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:30:FE:63:55:D1:68:2F:B4:DA:49:76:64:C6:92:DC:4E:9F:18:5B
            X509v3 Authority Key Identifier:
                keyid:25:AF:AA:1E:FB:29:FF:A5:6E:6F:5D:42:06:22:DF:F0:69:7F:A6:27

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ja-qHvsp_6Vub11CBiLf8Gl_pic.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/191451-1836-4bf8-ad1b-ba5ccc887047/1/wzD-Y1XRaC-02kl2ZMaS3E6fGFs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d2/191451-1836-4bf8-ad1b-ba5ccc887047/1/Ja-qHvsp_6Vub11CBiLf8Gl_pic.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.63.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7e:71:d6:d0:6b:ca:50:2f:81:6a:94:32:12:af:6c:16:0f:d0:
         80:9e:3b:2a:49:44:59:d9:41:62:69:e2:8a:2b:49:d6:68:2f:
         52:7e:3b:69:46:39:bd:b8:a3:f0:41:12:29:ed:88:d3:7e:32:
         57:3d:5a:2f:48:e3:e4:05:1d:f8:68:6b:69:63:ab:51:18:69:
         63:e8:bb:c5:c4:21:35:c2:97:1f:25:2c:93:8b:bb:79:52:ee:
         38:f1:c3:d7:fd:18:a2:7e:58:48:79:77:86:a9:ec:5e:32:37:
         f8:0e:9b:36:64:61:64:65:37:b2:50:8f:43:be:5a:d7:a1:cd:
         c7:f7:15:f8:1f:6b:6f:c9:7b:c1:2b:de:20:77:62:90:d1:ed:
         c9:5c:12:da:0d:10:d3:fc:18:9f:e3:37:c4:98:6b:6c:a0:5d:
         02:ab:d2:1b:e1:cf:3c:34:e0:02:44:14:ea:c4:31:5d:7c:2b:
         25:6d:73:db:6b:c7:74:58:9a:8e:39:ef:3b:d5:b0:99:2a:4b:
         3a:b4:3f:63:be:b6:35:e0:5c:84:c6:fc:bc:08:fe:b8:bb:f0:
         71:45:fc:34:9a:d1:b5:28:a8:bd:ac:ce:33:c8:67:03:81:40:
         30:bd:47:50:44:ce:7a:ca:ea:53:14:ab:c7:2a:bc:a8:75:81:
         3f:52:4a:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZ5pGZ2BkK2ZQfPkODtBPsSFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1YWZhYTFlZmIyOWZmYTU2ZTZmNWQ0MjA2MjJkZmYwNjk3
ZmE2MjcwHhcNMjYwNTI3MTEwMjI2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzMwZmU2MzU1ZDE2ODJmYjRkYTQ5NzY2NGM2OTJkYzRlOWYxODViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvLOTFeRqD1CUdcs/zy91lqxeEm4/
DWrPyQCjsvAWpmELzaNDbuA9w5kD1GeZHRb+MBw+WA9bjbSsZUbJfc6V/hU3YSeC
sV8vUiPzWkqPJDjWbtooJbEwUBnGQ22Tt0BhLjONccz5AIrZuatGKFoFQnz7zYtf
tfaM8g95/0v3/x1RtO+FKThYOGsdMiW0y3jYFrwbLKo/ZVhYbRcLhcQh3n5gkNVi
MgaMmz8Crb6Phjm4MZL9SWlR2HeKnfq14MEPMFEH0P7SoUfLqTOgt0bOSvZAtMBs
cCsAOMXwXlrbtibYQGwOISb381CTQGpzPd6vusQB9eaBQ8oyCnMyrz5vkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMMw/mNV0WgvtNpJdmTGktxOnxhbMB8GA1UdIwQY
MBaAFCWvqh77Kf+lbm9dQgYi3/Bpf6YnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmEtcUh2c3BfNlZ1YjExQ0JpTGY4R2xfcGljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMi8xOTE0NTEtMTgzNi00YmY4LWFkMWIt
YmE1Y2NjODg3MDQ3LzEvd3pELVkxWFJhQy0wMmtsMlpNYVMzRTZmR0ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMi8xOTE0NTEtMTgzNi00YmY4LWFkMWItYmE1Y2NjODg3MDQ3
LzEvSmEtcUh2c3BfNlZ1YjExQ0JpTGY4R2xfcGljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDoD/wMA0G
CSqGSIb3DQEBCwUAA4IBAQB+cdbQa8pQL4FqlDISr2wWD9CAnjsqSURZ2UFiaeKK
K0nWaC9SfjtpRjm9uKPwQRIp7YjTfjJXPVovSOPkBR34aGtpY6tRGGlj6LvFxCE1
wpcfJSyTi7t5Uu448cPX/RiiflhIeXeGqexeMjf4Dps2ZGFkZTeyUI9DvlrXoc3H
9xX4H2tvyXvBK94gd2KQ0e3JXBLaDRDT/Bif4zfEmGtsoF0Cq9Ib4c88NOACRBTq
xDFdfCslbXPba8d0WJqOOe871bCZKks6tD9jvrY14FyExvy8CP64u/BxRfw0mtG1
KKi9rM4zyGcDgUAwvUdQRM56yupTFKvHKryodYE/UkrA
-----END CERTIFICATE-----